VPNPivot - Explore the network



Sometimes, during an external penetration test, we compromise a remote target and then want to explore the internal network behind it and extend the compromise: owning Active Directory, accessing shared files, conducting MITM attacks, and so on. There are several techniques for this, such as port forwarding and SOCKS4 proxying, but each has its pros and cons: both only relay individual TCP connections, so anything that is not a TCP session (ARP, ICMP, UDP, broadcast traffic) never reaches the attacker. This is why the VPN pivoting technique exists: it avoids the limitations of both techniques mentioned above and lets you interact with internal networks that are otherwise shielded by firewalls, NAT, etc.
This is an implementation of the VPN pivoting technique for Linux, using pure low-level sockets together with a TAP device. It creates a fully encrypted SSL/TLS tunnel between the target machine and the attacker.

How it works:

VPN Pivot sends and receives raw Ethernet frames (and therefore the entire TCP/IP stack above them) fully encrypted over a TCP stream socket; each peer then forwards the frames into its TAP device, from where the kernel delivers them to the desired device or host. The attacker explores the internal network as if they were a member of it, with a local IP address obtained from the DHCP server or configured statically.
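As an added illustration of that data path (example code written for this page, not VPNPivot's own source, whose wire format the page does not describe): a minimal Linux TAP-to-stream forwarder in C. It assumes the two peers share a connected TCP socket and leaves the TLS layer out, so the 2-byte length-prefixed framing, the helper names (tap_open, frame_encode, frame_decode, tap_to_stream, stream_to_tap, framing_selftest) and the MAX_FRAME limit are all assumptions for illustration; the sample frame in framing_selftest is constructed. Two things the paragraph alone does not show: the tunnel carries whole Ethernet frames, so anything the kernel can put on the TAP interface (ARP, DHCP, ICMP, UDP) crosses it, and because a TCP stream has no record boundaries the receiver has to reassemble frames and must reject a peer-supplied length it cannot trust rather than copy on it.

```c
/* Added example, not VPNPivot's own code: a minimal Linux TAP <-> TCP stream forwarder.
 * Wire format and helper names are assumptions; the TLS layer is omitted (wrap the socket
 * I/O in SSL_read/SSL_write to get the encrypted tunnel). Needs root. gcc -O2 -o tapfwd tapfwd.c */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <fcntl.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/ioctl.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <net/if.h>
#include <linux/if_tun.h>
#define MAX_FRAME 2048 /* 1500-byte MTU + 14-byte Ethernet header, with headroom */
/* Open a TAP device (name: IFNAMSIZ-byte buffer). IFF_NO_PI => read() returns raw Ethernet frames. */
int tap_open(char *name) {
    struct ifreq ifr = {0};
    int fd = open("/dev/net/tun", O_RDWR);
    if (fd < 0) return -1;
    ifr.ifr_flags = IFF_TAP | IFF_NO_PI; strncpy(ifr.ifr_name, name, IFNAMSIZ - 1);
    if (ioctl(fd, TUNSETIFF, &ifr) < 0) { close(fd); return -1; }
    strncpy(name, ifr.ifr_name, IFNAMSIZ); /* the kernel may have chosen/completed the name */
    return fd;
}
/* TCP (and TLS over it) is a byte stream with no record boundaries, so every frame is
 * prefixed with a 2-byte big-endian length. Returns bytes placed in out, 0 on error. */
size_t frame_encode(const uint8_t *frame, size_t len, uint8_t *out, size_t outlen) {
    if (len == 0 || len > MAX_FRAME || outlen < len + 2) return 0;
    out[0] = (uint8_t)(len >> 8); out[1] = (uint8_t)len;
    memcpy(out + 2, frame, len);
    return len + 2;
}
/* Next frame from `avail` buffered stream bytes: bytes consumed, 0 if incomplete, or
 * (size_t)-1 for an impossible length (corrupt or hostile peer: drop the tunnel, never honour it). */
size_t frame_decode(const uint8_t *buf, size_t avail, uint8_t *frame, size_t *flen) {
    if (avail < 2) return 0;
    size_t len = ((size_t)buf[0] << 8) | buf[1];
    if (len == 0 || len > MAX_FRAME) return (size_t)-1;
    if (avail < len + 2) return 0;
    memcpy(frame, buf + 2, len); *flen = len;
    return len + 2;
}
static int write_all(int fd, const uint8_t *p, size_t n) {
    for (ssize_t w; n; p += w, n -= (size_t)w)
        if ((w = write(fd, p, n)) <= 0) return -1;
    return 0;
}
int tap_to_stream(int tapfd, int sockfd) { /* one frame: TAP device -> stream socket */
    uint8_t frame[MAX_FRAME], out[MAX_FRAME + 2];
    ssize_t n = read(tapfd, frame, sizeof frame);
    if (n <= 0) return -1;
    size_t enc = frame_encode(frame, (size_t)n, out, sizeof out);
    return enc ? write_all(sockfd, out, enc) : -1;
}
struct stream_buf { uint8_t data[2 * (MAX_FRAME + 2)]; size_t used; };
/* Stream socket -> TAP device: read, inject every complete frame, keep any partial tail
 * buffered for the next call. Returns frames injected, -1 on error or hostile peer. */
int stream_to_tap(int sockfd, int tapfd, struct stream_buf *sb) {
    ssize_t n = read(sockfd, sb->data + sb->used, sizeof sb->data - sb->used);
    if (n <= 0) return -1;
    sb->used += (size_t)n;
    uint8_t frame[MAX_FRAME]; size_t off = 0, flen, c; int count = 0;
    while ((c = frame_decode(sb->data + off, sb->used - off, frame, &flen)) != 0) {
        if (c == (size_t)-1 || write(tapfd, frame, flen) != (ssize_t)flen) return -1;
        off += c; count++;
    }
    memmove(sb->data, sb->data + off, sb->used - off); sb->used -= off;
    return count;
}

/* Round-trip a constructed 14-byte broadcast frame (EtherType 0x0806 = ARP) through the framing. */
int framing_selftest(void) {
    uint8_t f[14] = {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,1, 0x08,0x06};
    uint8_t out[32], back[MAX_FRAME], bad[2] = {0xff, 0xff}; size_t flen = 0;
    if (frame_encode(f, 14, out, sizeof out) != 16) return 0;
    if (frame_decode(out, 16, back, &flen) != 16 || flen != 14 || memcmp(back, f, 14)) return 0;
    if (frame_decode(out, 5, back, &flen) != 0) return 0;   /* truncated: wait for more bytes */
    return frame_decode(bad, 2, back, &flen) == (size_t)-1;  /* 65535 > MAX_FRAME: reject */
}

int main(int argc, char **argv) {
    if (argc != 4) { fprintf(stderr, "usage: %s tap-name peer-host peer-port\n", argv[0]); return 1; }
    char name[IFNAMSIZ] = {0}; strncpy(name, argv[1], IFNAMSIZ - 1);
    int tapfd = tap_open(name); if (tapfd < 0) { perror("tap_open"); return 1; }
    struct addrinfo hints = { .ai_socktype = SOCK_STREAM }, *ai;
    if (getaddrinfo(argv[2], argv[3], &hints, &ai)) { fprintf(stderr, "resolve failed\n"); return 1; }
    int sock = socket(ai->ai_family, SOCK_STREAM, 0);
    if (sock < 0 || connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { perror("connect"); return 1; }
    freeaddrinfo(ai); struct stream_buf sb = { .used = 0 }; int maxfd = tapfd > sock ? tapfd : sock;
    for (;;) { /* pump both directions until either side fails */
        fd_set r; FD_ZERO(&r); FD_SET(tapfd, &r); FD_SET(sock, &r);
        if (select(maxfd + 1, &r, NULL, NULL, NULL) < 0) break;
        if (FD_ISSET(tapfd, &r) && tap_to_stream(tapfd, sock) < 0) break;
        if (FD_ISSET(sock, &r) && stream_to_tap(sock, tapfd, &sb) < 0) break;
    }
    return 0;
}
```

The block is only the connecting side; the other peer needs the matching listen/accept side running the same pump. After the TAP device exists, bring it up with `ip link set <tap> up`; on the attacker side run a DHCP client on it (or assign an address statically) to get the local address the paragraph describes, and on the target side the TAP has to be bridged to the LAN-facing interface, otherwise injected frames never leave the box. That bridging, and the TLS wrapping, are deliberately outside the block.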

Installation:

Arch Linux

yaourt -S vpnpivot-git

Linux

The installation is straightforward, just type the following commands (the last step installs system-wide, hence the root prompt):
root@pwnies:~# git clone https://github.com/0x36/VPNPivot.git
root@pwnies:~# cd VPNPivot
root@pwnies:~/VPNPivot# ./autogen.sh
root@pwnies:~/VPNPivot# ./configure
root@pwnies:~/VPNPivot# make && make install